In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
{
"cpe": [
"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*",
"cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.4.0"
},
{
"introduced": "4.0.0-beta"
},
{
"last_affected": "4.0.0-beta"
}
],
"source": [
"CPE_RANGE",
"CPE_STRING"
]
}